Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assign Entitlement to an AD Account using HQL in Technical Rule

rashmirudrappa
New Contributor III
New Contributor III

‎10/08/2024 06:37 AM

Hi All,

We have a below requirement.

User can have 2 AD Accounts. Primary and Secondary Account

Primary Account has Entitlement 1, Entitlement 2 etc

Secondary Account has Entitlement 3 having CP1=1

Requirement is:

fetch all user AD accounts having entitlements with cp1=1

Assign CyberArk Entitlement to User's Primary Account

We have achieved this using Actionable reports.

Question: Is it possible to achieve this requirement using Detective Technical Rule with HQL?

 

Labels:
0 Kudos
7 REPLIES 7

Amit_Malik
Valued Contributor II
Valued Contributor II

‎10/08/2024 07:11 AM

Yes , all tables you need are exposed for rules.

https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Obtaining-the-attribute-details-from-tables-o...

Above link has the hql class names and syntaxes

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

rashmirudrappa
New Contributor III
New Contributor III

‎10/08/2024 07:47 AM

Hi Amit,

Thanks for your reply.

 In Technical Rule Condition, we are trying to fetch list of Primary AD Accounts, not the User details and it is throwing Invalid condition. Could you please let us know if the below condition is correct?

Accounts.name in (SELECT a.name FROM Accounts a JOIN Account_entitlements1 ae ON ae.ACCOUNTKEY = a.ACCOUNTKEY JOIN Entitlement_values ev on ev.entitlement_valuekey = ae.entitlement_valuekey JOIN User_accounts ua on ua.accountkey = a.accountkey JOIN Users u on u.userkey = ua.userkey WHERE a.endpointkey = 65 AND a.status IN ('1', 'Manually Provisioned') AND ev.customproperty1=1)

Thank you

Rashmi

0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II
In response to rashmirudrappa

‎10/08/2024 08:00 AM

rules run on user, but it allows you to access other tables in advance query but the outcome of query has to be a user.

what you are trying in above query wont work

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

rashmirudrappa
New Contributor III
New Contributor III
In response to Amit_Malik

‎10/08/2024 08:30 AM

Hi Amit,

Thank you. I will modify the condition and test it.

Thank you

Rashmi

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to rashmirudrappa

‎10/08/2024 08:32 AM

@rashmirudrappa  Use below query i have validated it


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to rashmirudrappa

‎10/08/2024 08:29 AM

USe below condition

rushikeshvartak_0-1728401342577.png

a.id IN (select ua.userkey FROM User_accounts ua WHERE ua.accountkey IN ( SELECT a.id FROM Accounts a,Account_entitlements1 ae ,Entitlement_values ev where a.endpointkey = 65 and a.status IN ('1', 'Manually Provisioned') AND ae.accountkey= a.id and ev.id= ae.entitlement_valuekey and ev.customproperty1 = '1'))

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

rashmirudrappa
New Contributor III
New Contributor III

‎10/08/2024 08:34 AM

Hi Rushi,

Thank you very much. I will test it and confirm.

Thank you

Rashmi

 

0 Kudos
Copyright © 2024 Khoros, LLC